curiousecurity

Yet another blog about info & networking security this and that… Buzzword… Catchphrase…


FireEye Dashboards Replicated In Splunk

August 21, 2014 by ryanhorst

After installing the FireEye app for Splunk and having some issues with it, the app was uninstalled, which left a gap that needed to be filled. So off I went into Splunk land to see if I could scrounge together some decent "dashboard" worthy search queries that could help display important information. Below are a collection of the search queries I have built thus far. It is, by no means, an exhaustive list because anyone who knows Splunk easily knows that there are soooo many more ways to show …

Filed Under: Howto Article, Linux, Network Security, Threat Protection and Prevention Tagged With: FireEye, Splunk

FireEye Role Based Access Control (RBAC)

April 16, 2014 by ryanhorst

Regarding role based access control and Active Directory integration with FireEye back in FEOS versions 7.0.x (webmps), 6.3.2 (emailmps) and 6.4.1 (CMS), we only had the ability to map a single Active Directory group to a single FireEye "role". And most enterprises would probably have mapped that single group to the Admin role. Well..... Fast >> Forward >> to FEOS 7.1 "Shasta" where FireEye has merged the various code revisions for web/email/CMS into one single version, and we are …

Filed Under: Howto Article, Linux, Network Security, Threat Protection and Prevention Tagged With: Active Directory, FireEye, LDAP, RBAC

BlueCoat Proxy Splash Page For FireEye Integration

March 29, 2014 by ryanhorst

Hello again. If you are here, you are probably looking for some HowTo help on FireEye Integration With BlueCoat Proxy, or perhaps you have already completed that and are looking for a good splash page to use for FireEye blocks. Either way, I thank you for stopping by, and hope to be of some assistance if possible. When I started working on the integration it was actually fairly simplistic, in that the proxy is just using the FireEye output as an input for the Central Policy file, which we …

Filed Under: Network Security, Threat Protection and Prevention, Web Proxy Tagged With: BlueCoat, FireEye, ProxySG

BlueCoat Proxy – Web URL Category Review / Best Practices

January 18, 2014 by ryanhorst

This page will attempt to assist you in building a Web URL Category review process, as well as provide best practice recommendations from BlueCoat and my own personal experience with BlueCoat. BlueCoat does not update their Web URL Categories very often, but it does happen about once every 12-18 months. In earlier times, they were not very helpful about this and normally only included a single email to subscribed users (a very manual process - it is not created for you when you purchase a …

Filed Under: Howto Article, Information Security, Network Security, Threat Protection and Prevention, Web Proxy Tagged With: BlueCoat, ProxySG, URL Filter

Word To Enterprises… Update Your Security Kit Regularly

January 18, 2014 by ryanhorst

Oftentimes when I come to a company it is to bolster, revamp or help them re-evaluate their web security posture, with a focus on data exfiltration investigations, and the outbound web proxy is a great place to start. 90% of the time, when I finally gain access to the management console, I am greeted by an appalling SGOS 5.4 or 5.5 header across the top... This is sad because those versions of code were released 4-5 years ago, and have since been replaced by a much much richer SGOS code, with many …

Filed Under: Information Security, Network Security, Threat Protection and Prevention, Uncategorized, Web Proxy Tagged With: BlueCoat, ProxySG

Web Proxy And The Need For SSL Decryption

January 18, 2014 by ryanhorst

Most organizations will deploy a Web Proxy solution, but not intercept HTTPS traffic to do SSL decryption and inspection. This may be done for various reasons:

  • Not yet having a PKI infrastructure to manage the SSL browser certificates
  • Perhaps the AD/GPO team doesn't want to manage SSL certificates on the user PC
  • Security teams may be wary about man-in-the-middle issues
  • Maybe SSL interception just wasn't a concern at the time.

Without doing SSL decryption and inspection our …

Filed Under: Information Security, Network Security, Threat Protection and Prevention, Web Proxy Tagged With: BlueCoat, ProxySG

BlueCoat Proxy – Log Injection For Rule Tracking

January 18, 2014 by ryanhorst

Unfortunately BlueCoat doesn't have a nice and fancy log tracker type utility like CheckPoint has in Smart Tracker, so the rules do not have numbers. However, you can work around this by using some log injection smoke and mirror tricks. There are a few unused (or not very often used) log variables that can be used in conjunction with a specific action on a rule, that when matched, will create a log line with a piece of text of your choosing. …

Filed Under: Howto Article, Information Security, Network Security, Threat Protection and Prevention, Web Proxy Tagged With: BlueCoat, Logging, ProxySG

FireEye Integration With BlueCoat Proxy

January 18, 2014 by ryanhorst

This tutorial will assist you in setting up FireEye Integration With BlueCoat Proxy, by using a URL list populated by FireEye to use in the BlueCoat as another web filter. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc... …

Filed Under: Howto Article, Information Security, Linux, Network Security, Threat Protection and Prevention, Uncategorized, Web Proxy Tagged With: BlueCoat, FireEye, Integration, ProxySG

Check Point Firewall – Detect SSH over Non Standard Ports

January 25, 2012 by ryanhorst

Many enterprises deploy proxies these days, but many are not aware that if they are not configured correctly they may be allowing SSH over Non Standard Ports, giving a tech savvy employee the keys to exploit this fault. Most times this is SSH over HTTP/HTTPS, but can also be over other ports, which is less common. Blue Coat proxies detect and drop this type of activity by default, but like I said, all it takes is a few small lines of CPL to override this default blocking (CPL is left out …

Filed Under: Firewall, Howto Article, Network Security, Threat Protection and Prevention Tagged With: CheckPoint

Blue Coat ProxySG – ICAP, deferred scanning, and data trickling

January 4, 2012 by ryanhorst

Recently I was digging into a BlueCoat ProxySG / ProxyAV setup for ICAP and noticed some things that had room for improvement. Not a major overhaul, but some things that were missed from the best practices guide that just so happened to be causing a bit of an issue. Below is part of the small case study I completed to explain the options and differences between them, as well as my recommendations to management on how to proceed. Scope: At least once a month, if not more, I would hear …

Filed Under: Howto Article, Information Security, Network Security, Threat Protection and Prevention Tagged With: BlueCoat, DLP, ProxySG
